[Bro] Hardware Experience
Jason Chambers
jchambers at ucla.edu
Thu May 28 11:00:30 PDT 2009
Martin Holste wrote:
> Your DAG experience is interesting. We demoed the 6.2SE's and they
> seemed to run OK on libpcap apps for a few days in late 2006. We've
> been running the smaller 1 Gb cousin, the 4.5G2, in production since
> then with zero stability problems with libpcap apps. Link size is 1 Gb
> physical, 450 Mb/sec typical load. In my experience though, the
> difference maker is rarely in getting the packets to the CPU, but rather
> in the CPU grepping through the packets fast enough. I anticipate that
> the Bro cluster work will do more for full snaplength processing than
> hardware acceleration will unless someone writes Bro for Nvidia's CUDA
> like they wrote Snort for CUDA with Gnort.
>
I recommend these cards available from nPulse networks. [1] (Napatech is
the OEM). They have more features than the Endace cards and twice the
port density. And, they fully support FreeBSD. Despite my numerous
requests it seems Endace maintains that there will not be future support
for FreeBSD due to lack of demand. To the best of my knowledge, the
last official supported FreeBSD version from Endace is the 6.x train.
Anyhow that's my personal gripe.
[1] http://www.npulsenetworks.com/
Napatech 2x10GE NT20E
http://www.napatech.com/products/capture_adapters/2x10g_pcie_nt20e.html
And when it's available, the NTNPU20E looks like a very exciting
complement to the NT20E's. It was displayed at Interop but is still a
few months out from release.
http://www.napatech.com/products/inspect_adapters.html
HTH,
--Jason
More information about the Bro
mailing list